Bugs item #1861487, was opened at 2007-12-31 20:02
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1861487&group_id=976
Category: SSL/TLS
Group: bad behaviour
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: prasad (hanuman2k)
Assigned to: Daniel Stenberg (bagder)
Summary: (35) Unknown SSL protocol error in connection to ssl server
Initial Comment:
curl Version:
curl 7.17.1 (powerpc-ibm-aix5.3.0.0) libcurl/7.17.1 OpenSSL/0.9.8a zlib/1.2.2
Protocols: tftp ftp telnet dict http file https ftps
Features: IPv6 Largefile NTLM SSL libz
OS Version:
AIX UNIX 5.3
Following is the command line used to connect to the server:
curl --trace -v -k --ftp-ssl -3 -T /full/path/test.txt ftp://USERID:PASSWORD@ftpssl.xxx.com
Below is the output I got on the UNIX command prompt:
== Info: About to connect() to ftpssl.xxx.com port 21 (#0)
== Info: Trying xxx.xx.xx.xxx... == Info: connected
== Info: Connected to ftpssl.xxx.com (xxx.xx.xx.xx) port 21 (#0)
<= Recv header, 66 bytes (0x42)
0000: 32 32 30 20 52 42 43 4e 47 20 46 54 50 53 20 28 220 RBCNG FTPS (
0010: 56 65 72 73 69 6f 6e 20 20 4d 6f 6e 20 44 65 63 Version Mon Dec
0020: 20 33 31 20 31 33 3a 34 31 3a 31 31 20 32 30 30 31 13:41:11 200
0030: 37 29 20 73 65 72 76 65 72 20 72 65 61 64 79 2e 7) server ready.
0040: 0d 0a ..
=> Send header, 10 bytes (0xa)
0000: 41 55 54 48 20 53 53 4c 0d 0a AUTH SSL..
<= Recv header, 42 bytes (0x2a)
0000: 32 33 34 20 45 6e 61 62 6c 69 6e 67 20 53 53 4c 234 Enabling SSL
0010: 2c 20 61 77 61 69 74 69 6e 67 20 6e 65 67 6f 74 , awaiting negot
0020: 69 61 74 69 6f 6e 73 2e 0d 0a iations...
== Info: successfully set certificate verify locations:
== Info: CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 97 bytes (0x61)
0000: 01 00 00 5d 03 00 47 79 37 c7 34 4b cd 4f c9 f9 ...]..Gy7.4K.O..
0010: 68 ff 5b fa 0f 2b cf ad 21 6d cb d7 68 d5 59 74 h.[..+..!m..h.Yt
0020: a5 c3 92 67 c1 7d 00 00 36 00 39 00 38 00 35 00 ...g.}..6.9.8.5.
0030: 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00 ......3.2./...f.
0040: 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 ....c.b.a.......
0050: 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 e.d.`...........
0060: 00 .
== Info: Unknown SSL protocol error in connection to ftpssl.xxx.com:21
== Info: Closing connection #0
curl: (35) Unknown SSL protocol error in connection to ftpssl.xxx.com:21
In the trace output it is showing as connected, and at the end it is again saying "Unknown SSL protocol error in connection to ftpssl.xxx.com:21".
Please pass the comments
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2008-01-02 22:04
Message:
Logged In: YES
user_id=1110
Originator: NO
Well, ftps:// URLs use a different default port (990 instead of 21) and
assume SSL already from the connect on the control connection, so you
can't just pick one of them at your choice, it all depends on what the
server wants.
And no, if a recent OpenSSL version also gives you this problem then I
don't know what the problem is and you'll need to start debugging or get
someone else to debug it. I've never seen this problem.
I don't think it is firewall-related since the connection is done fine, it
is just the SSL/TLS handshake that fails.
----------------------------------------------------------------------
Comment By: prasad (hanuman2k)
Date: 2008-01-02 18:11
Message:
Logged In: YES
user_id=1970854
Originator: YES
Hi Daniel,
I am getting the same error (output) without SSLv3; when used without the -3
option it gave the same error
curl: (35) Unknown SSL protocol error in connection to ftpssl.xxx.com:21
But if I use FTPS, then I get the couldn't connect to host error
/usr/local/bin>curl --trace -v -k -T /home/TEST/test.txt ftps://USERID:PASSWORD@ftpssl.xxx.com
== Info: About to connect() to ftpssl.xxx.com port 990 (#0)
== Info: Trying xxx.xxx.xx.xx... == Info: A remote host refused an attempted connect operation.
== Info: couldn't connect to host
== Info: Closing connection #0
curl: (7) couldn't connect to host
So I am not sure whether this is due to firewall issues or curl/openssl
version issues?
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2008-01-01 21:46
Message:
Logged In: YES
user_id=1110
Originator: NO
Also note that you're using an old and insecure OpenSSL version that you
might want to try to upgrade first and retry this with.
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2008-01-01 20:14
Message:
Logged In: YES
user_id=1110
Originator: NO
First, I made this into a bug report since it really isn't a
feature-request.
But really, what is it that you want? There's some kind of error returned
from OpenSSL. What if you're not enforcing SSLv3?
----------------------------------------------------------------------
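Added example, not part of the original thread and not curl or OpenSSL code: a Python decoder for the 97-byte Client hello shown in the trace of the initial comment. It confirms that the client offered SSL 3.0 (the effect of the -3 option) and lists which of the offered cipher suites are 40-bit export suites. The function name, the VERSIONS table and the EXPORT40 set are this example's own; the bytes are copied from the trace.

```python
# Bytes copied from the "Send SSL data, 97 bytes" trace block in the report
# (a handshake message as passed to the trace callback, no record header).
CLIENT_HELLO_HEX = """
01 00 00 5d 03 00 47 79 37 c7 34 4b cd 4f c9 f9
68 ff 5b fa 0f 2b cf ad 21 6d cb d7 68 d5 59 74
a5 c3 92 67 c1 7d 00 00 36 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 66 00
05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00
65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01
00
"""
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# 40-bit export suites defined in RFC 2246 (helper set assumed by this example).
EXPORT40 = {0x0003, 0x0006, 0x0008, 0x000B, 0x000E, 0x0011, 0x0014, 0x0017, 0x0019}


def parse_client_hello(msg: bytes) -> dict:
    """Parse a ClientHello handshake message: type, 24-bit length, body."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length does not match the data")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]

    major, minor = take(2)                      # client_version
    random = take(32)                           # 4-byte time + 28 random bytes
    session_id = take(take(1)[0])               # length-prefixed, may be empty
    raw = take(int.from_bytes(take(2), "big"))  # cipher suite list
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(take(take(1)[0]))
    return {"version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
            "gmt_unix_time": int.from_bytes(random[:4], "big"),
            "session_id": session_id, "suites": suites, "compression": compression,
            "export40": [s for s in suites if s in EXPORT40]}


if __name__ == "__main__":
    hello = parse_client_hello(bytes.fromhex("".join(CLIENT_HELLO_HEX.split())))
    print(hello["version"], len(hello["suites"]), "suites, export:",
          [f"0x{s:04x}" for s in hello["export40"]])
```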
Received on 2008-01-06